
Add support for custom attributes

Open agiannone opened this issue 1 year ago • 3 comments

Is it possible to add support for custom attributes in the SAML response? For example, givenName, lastName, email, and so on.

agiannone avatar Mar 23 '23 05:03 agiannone

This is a great idea @agiannone and also ties in with https://github.com/boxyhq/mock-saml/issues/115. Thank you.

deepakprabhakara avatar Mar 23 '23 21:03 deepakprabhakara

Thanks for creating this issue @agiannone.

NathanTarbert avatar Apr 12 '23 21:04 NathanTarbert

Wanted to also request support for custom attributes.

Currently I'm seeing the SAML response contain the following attributes:

 <saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml:Attribute Name="id"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                            >
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >1dda9fb491dc01bd24d2423ba2f22ae561f56ddf2376b29a11c80281d21201f9</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="email"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                            >
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >[email protected]</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="firstName"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                            >
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >jackson</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="lastName"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                            >
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >jackson</saml:AttributeValue>
            </saml:Attribute>
        </saml:AttributeStatement>

so it looks like the firstName and lastName are returned, but the login form does not have fields for these values, so I guess they're just mapped to the email form field?

Given that there is a wide range of attribute names in various systems, it'd be super handy to be able to pass in key/value pairs somewhere (.env? some YAML config?) that would be output to the saml:AttributeStatement node.

Alternatively it'd at least be nice to have first name / last name fields in the login form : )

nbennett25 avatar Apr 03 '24 18:04 nbennett25
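
A sketch of the key/value idea from the comment above, added here as an example and not taken from mock-saml's code: configured pairs are rendered into a `saml:AttributeStatement` shaped like the one quoted in the thread, with names validated and values XML-escaped so that a configured value cannot alter the assertion's structure. The `name=value;name=v1,v2` config format and every function name are assumptions.

```javascript
// Added example: hypothetical helpers, not part of mock-saml.
const NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";

// Escape the five XML special characters so a configured value cannot
// break out of the AttributeValue element or the Name attribute.
function escapeXml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;",
  }[c]));
}

// Parse an assumed config format, e.g. "department=R&D;groups=admins,dev",
// into [name, values[]] pairs. Values containing ';' or ',' are not supported.
function parseAttributeConfig(config) {
  return config.split(";").filter((p) => p.trim() !== "").map((pair) => {
    const idx = pair.indexOf("=");
    if (idx < 1) throw new Error(`Invalid attribute entry: ${pair}`);
    const name = pair.slice(0, idx).trim();
    // Conservative allow-list: plain names and URI-style names only.
    if (!/^[A-Za-z_][\w.:\/-]*$/.test(name)) {
      throw new Error(`Invalid attribute name: ${name}`);
    }
    const values = pair.slice(idx + 1).split(",").map((v) => v.trim());
    return [name, values];
  });
}

// Render the pairs as an AttributeStatement; multi-valued attributes get
// one AttributeValue element per value.
function buildAttributeStatement(pairs) {
  const attrs = pairs.map(([name, values]) => {
    const vals = values.map((v) =>
      `    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" ` +
      `xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">` +
      `${escapeXml(v)}</saml:AttributeValue>`).join("\n");
    return `  <saml:Attribute Name="${escapeXml(name)}" NameFormat="${NAME_FORMAT}">\n` +
      `${vals}\n  </saml:Attribute>`;
  }).join("\n");
  return `<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">\n` +
    `${attrs}\n</saml:AttributeStatement>`;
}

// Constructed sample config, for illustration only.
const sample = "department=R&D;groups=admins,dev";
console.log(buildAttributeStatement(parseAttributeConfig(sample)));
```
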